Authentication and calibration via gaze tracking

ABSTRACT

In an example in accordance with the present disclosure, a system is described. The system includes a display device and a gaze tracking system to capture eye movements of a user looking at the display device. The system also includes a controller. The controller authenticates the user based on eye movements of the user matching an eye movement authentication pattern. The controller also calibrates a computing device based on the eye movements of the user.

BACKGROUND

Computing systems provide access to numerous pieces of information and numerous computing applications. For example, via computing devices and networks, users can access information and applications anywhere across the globe. In some examples, the information or application a user is attempting to access is located on a remote server and access is made via a network. In other examples, the information is stored locally on the computing device.

BRIEF DESCRIPTION OF THE DRAWINGS

The accompanying drawings illustrate various examples of the principles described herein and are part of the specification. The illustrated examples are given merely for illustration, and do not limit the scope of the claims.

FIG. 1 is a block diagram of a system for authenticating a user and calibrating a computing device using gaze tracking, according to an example of the principles described herein.

FIG. 2 is a diagram of a user donning an enhanced reality headset which authenticates and calibrates via gaze tracking, according to an example of the principles described herein.

FIG. 3 is a block diagram of a system for granting access based on authentication via gaze tracking, according to an example of the principles described herein.

FIG. 4 is a flowchart of a method for authenticating and calibrating via gaze tracking, according to an example of the principles described herein.

FIGS. 5A-5E are screenshots of authenticating and calibrating via gaze tracking, according to an example of the principles described herein.

FIG. 6 is a block diagram of a system for authenticating a user and calibrating a computing system using gaze tracking, according to an example of the principles described herein.

FIG. 7 is a flowchart of a method for authenticating and calibrating via gaze tracking, according to an example of the principles described herein.

FIG. 8 depicts a non-transitory machine-readable storage medium for authenticating and calibrating via gaze tracking, according to an example of the principles described herein.

Throughout the drawings, identical reference numbers designate similar, but not necessarily identical, elements. The figures are not necessarily to scale, and the size of some parts may be exaggerated to more clearly illustrate the example shown. Moreover, the drawings provide examples and/or implementations consistent with the description; however, the description is not limited to the examples and/or implementations provided in the drawings.

DETAILED DESCRIPTION

As described above, computing devices provide access to data and applications to users. Such informational exchange is independent of geographic boundaries and may be portable. For example, a user may access certain information stored on their home computing device even when they are not at home, for example through their mobile device. Similarly, a user may access information that is not stored locally, such as bank account information, from their home computing device and/or their phone. Similarly, applications that are stored at one location may be accessed by a user at an entirely different location.

Clearly, the global nature of information exchange provides countless benefits to users of those computing devices as information has become more widespread and portable. Certain developments may increase the security of this data.

That is, as digital data storage opportunities have increased over the years, so too has the risk that such data may be hacked by malicious and nefarious parties. For example, a hacker may gain unauthorized access to information located on a server, which information may be personal, sensitive or otherwise confidential.

Accordingly, the present specification describes systems and methods that enhance the security of computing resources such as data and/or applications. Specifically, the system includes a gaze tracking system that follows a user’s eyes across a display device. Prior to logging in, a user may set an eye movement authentication pattern. Such an eye movement authentication pattern may define a sequence of different regions on the display screen that the user is looking at. During authentication, a user may be presented with an interface that allows them to look at different regions of the display screen. If the user’s eye movements during authentication match those as defined by the eye movement authentication pattern, a user is granted access to the data and/or applications. Accordingly, such a system provides a unique method to specifically identify a user attempting access to computing resources.

In one particular example, the authentication process described above may be implemented in enhanced reality systems. Enhanced reality systems allow a user to become immersed in an enhanced reality environment wherein they can interact with the enhanced environment. Enhanced reality systems include virtual reality (VR) systems, augmented reality (AR) systems, and mixed reality (MR) systems. Such enhanced reality systems can include enhanced reality headsets to generate realistic images, sounds, and other human discernable sensations that simulate a user’s physical presence in a virtual environment presented at the headset. A VR system includes physical spaces and/or multi-projected environments. AR systems may include those systems and devices that implement live direct and/or indirect displays of a physical, real-world environment whose elements are augmented by computer-generated sensory input such as sound, video, graphics and/or GPS data. MR systems merge real and virtual worlds to produce new environments and visualizations where physical and digital objects co-exist and interact in real time. For simplicity, VR systems, AR systems, and MR systems are referred to herein as enhanced reality systems.

Such enhanced reality systems may be used to access the information and applications as described above, via an authentication process. However, this process may be cumbersome as a user may have to remove the headset to enter authentication credentials. For example, a user may take the headset off, log in via a browser to authenticate and gain access, and don the headset again to use different applications and/or access the data. Accordingly, the present specification describes a gaze-tracking authentication operation that avoids the potentially cumbersome and repeated process of taking on and off the headset to enter authentication credentials.

Moreover, in some examples, the enhanced reality headset goes through a calibration phase which ensures that eye movements are properly tracked in the enhanced reality system and that accurate interpretations are made of eye movements. The present specification joins the authentication via gaze tracking into this calibration phase to reduce log in friction for the end user. For example, to calibrate the enhanced reality system, a user moves their eyes in a predetermined fashion. As described above, in the present specification, the movement of the eyes that are used to calibrate the enhanced reality system are user-defined and unique, thus serving as an authentication process as well. That is, during a login, a user may be prompted to enter an eye movement authentication pattern. The movement of the user’s eyes during this authentication operation may be used to calibrate the enhanced reality system.

Users of enhanced reality headsets range in domains from healthcare, to design, to location-based entertainment. In these use cases, users may go through an authentication process to gain access to different applications and/or data. As mentioned earlier, entry of username and password is not friction-free. In particular, in an example where a user is donning an enhanced reality headset, the current systems and methods reduce friction by integrating parts of the authentication process into eye-tracker calibration phase, thus leading to a better user experience for end users.

Specifically, the present specification describes a system. The system includes a display device and a gaze tracking system to capture eye movements of a user looking at the display device. The system also includes a controller. The controller authenticates the user based on eye movements of the user matching an eye movement authentication pattern. The controller also calibrates an associated computing device based on the eye movements of the user.

The present specification also describes a method. According to the method, user eye movements towards a display device are tracked in a first mode to define an eye movement authentication pattern. In a second mode, a user of the display device is authenticated based on eye movements of the user matching the eye movement authentication pattern. Also, in the second mode, an associated computing device is calibrated based on the eye movements of the user.

The present specification also describes a non-transitory machine-readable storage medium encoded with instructions executable by a processor. The machine-readable storage medium includes instructions to, in a first mode, 1) track user eye movements towards a display device to define an eye movement authentication pattern and 2) receive user input to define supporting authentication credentials from a second authentication system. The machine-readable storage medium includes instructions to, during login, authenticate a user by 1) matching user eye movements to the eye movement authentication pattern and 2) matching user input to the supporting authentication credentials. During authentication, the instructions calibrate an associated computing device based on the eye movements of the user during login.

In summary, using such a system may 1) authenticate a user to increase data security; 2) authenticate during calibration; 3) facilitate authentication without removing an enhanced reality headset; and 4) provide hands-free user authentication. However, it is contemplated that the devices disclosed herein may address other matters and deficiencies in a number of technical areas.

As used in the present specification and in the appended claims, the term “a number of” or similar language is meant to be understood broadly as any positive number including 1 to infinity.

Turning now to the figures, FIG. 1 is a block diagram of a system (100) for authenticating a user and calibrating a computing system using gaze tracking, according to an example of the principles described herein. In general, the system (100) may be disposed on any variety of computing devices. Such computing devices include mobile phones, desktop computers, laptop computers, tablet devices, gaming systems, smart home devices, and others. In one particular example, the system (100) is disposed in an enhanced reality system. That is, the gaze tracking system (104) may be disposed within an enhanced reality headset donned by a user. In another particular example, the system (100) is disposed in a computing device in a vehicle. That is, the system (100) including the gaze tracking system (104) may be in a vehicle dashboard to track a driver’s eye movements.

The system (100) may include a display device (102). A display device (102) refers to any device that presents visual information to a user. Examples of display devices include computer screens, smart device screens, tablet screens, and mobile device screens. In one particular example, the display device (102) is formed in a headset that is worn by a user when using an enhanced reality system. An example of such a headset is depicted in FIG. 2 below.

The system (100) includes a gaze tracking system (104) to capture eye movements of a user looking at the display device (102). In general, the gaze tracking system (104) is an electronic system that detects and reports at least one user’s gaze direction in one or both eyes. The user’s gaze direction may refer to the direction of a gaze ray in three-dimensional (3D) space that originates from near or inside the user’s eye and indicates the path along which their foveal retina region is pointed. That is, the gaze tracking system (104) determines where a user is looking. In some examples, the gaze tracking system (104) reports the gaze direction relative to the object on which the gaze terminates. For example, the gaze tracking system (104) may determine what part of the display device (102) the user is looking at. In enhanced reality head mounted displays or other virtual display systems, the gaze ray may be projected into a virtual space that is displayed in front of the user’s eye, such that the gaze ray terminates at some virtual point behind the display device (102). In some examples, the gaze tracking system (104) tracks the gaze of more than one user at a time.

The gaze tracking system (104) may detect the eye’s orientation and position in a variety of ways. In one example, the gaze tracking system (104) observes the eye using an infrared or visible light camera. The position of the eye anatomy within the camera’s image frame can be used to determine where the eye is looking. In some examples, illuminators are used to create reflective glints on the eye’s anatomy, and the position of the glints is used to track the eye. In these examples, entire patterns of light can be projected onto the eye, both through diffuse or point illuminators like standard LEDs, collimated LEDs, or low powered lasers.

In some examples, the gaze tracking system (104) is integrated onto the display device (102). For example, on a desktop computer or mobile phone, a camera could be directed towards the user to track their eye movement and position. In another example, in an enhanced reality headset, the gaze tracking system (104) may be formed on a same surface of an internal part of the housing that the display device (102) is formed and may point towards the user’s face.

As used in the present specification and in the appended claims, the term “controller” refers to various hardware components, which include a processor and memory. The processor includes the hardware architecture to retrieve executable code from the memory and execute the executable code. As specific examples, the controller as described herein may include computer-readable storage medium, computer-readable storage medium and a processor, an application-specific integrated circuit (ASIC), a semiconductor-based microprocessor, a central processing unit (CPU), and a field-programmable gate array (FPGA), and/or other hardware device.

The memory may include a computer-readable storage medium, which computer-readable storage medium may contain, or store computer-usable program code for use by or in connection with an instruction execution system, apparatus, or device. The memory may take many types of memory including volatile and non-volatile memory. For example, the memory may include Random Access Memory (RAM), Read Only Memory (ROM), optical memory disks, and magnetic disks, among others. The executable code may, when executed by the respective component, cause the component to implement at least the functionality described herein.

The controller (106) of the system (100) authenticates the user based on eye movements of the user matching an eye movement authentication pattern. That is, as described above, the eye movement authentication pattern defines a set of eye movements that grant a user access to certain data and/or applications. In some examples, this eye movement authentication pattern may be user-defined. That is, during a setup phase, the user may be prompted to generate the eye movement authentication pattern by looking at different areas of the display device (102). In some examples, a visual reference may be displayed and the user may look at different cues on the visual reference. For example, the visual reference may be a grid of dots and the user may look at the dots in a desired sequence. The movements the user’s eyes go through to view the dots in the sequence form the eye movement authentication pattern. Accordingly, the gaze tracking system (104) determines the movement of the eyes as the user looks at a sequence of dots and the controller (106) sets these eye movements as the eye movement authentication pattern. Then, during login, the gaze tracking system (104) again tracks eye movements of the user and the controller (106) receives tracked movements and compares them to determine if they match the eye movement authentication pattern. If they do, the controller (106) authenticates the user and grants access to the information, data, and/or applications. By comparison, if they do not match, the controller (106) prevents the user from accessing the information, data, and/or applications.

The controller (106) also calibrates the associated computing device based on eye movements of the user. Calibration refers to the process wherein the characteristics of a user’s eye position and eye movements are mapped to ensure accurate gaze tracking. For example, different users have different eye physical properties and inter pupillary distance (IPD). Accordingly, the gaze tracking system (104) is calibrated for each user. That is, the gaze tracking system (104) and applications or program instructions executed thereon may operate improperly and may not properly track eye movements if not calibrated. Calibration is used if there is a change to an IPD on account of there being a new user or the position of an enhanced reality headset on a user. In other words, calibration information is used as reference data such that the gaze tracking system (104) can accurately measure characteristics of the eye to determine position and/or movement. This calibration information is also used to ensure that the full display device (102) is available for use.

To calibrate the gaze tracking system (104), associated computing device, and any applications/program instructions running on either device, the controller (106) may generate a visual reference and direct the user to look at different points. From the information collected as the user looks at the different points, the gaze tracking system (104) and associated computing device may be calibrated.

In some examples, the authentication and calibration are performed simultaneously. That is, as the user’s eyes move through the motions to provide the eye movement authentication credentials, the controller (106) may pass the eye movement data to a system that calibrates the gaze tracking system (104) and the associated computing device. In other words, the calibration pattern used to calibrate the gaze tracking system (104) may be user-defined and may be unique to a particular user such that, when kept confidential from other users, it is a way to ensure a particular user, and not some nefarious and malicious third party, is attempting to access the secure data and/or applications.

Accordingly, the present specification describes a system (100) wherein a user, via a single eye movement pattern, can both authenticate themselves to access the data and calibrate the gaze tracking system (104) to provide a correct and accurate immersive experience.
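The following sketch is an added example, not code from the specification. It illustrates the grid-of-dots matching and the simultaneous calibration described above: raw gaze samples are collapsed into fixations on dots, the dot sequence is checked against a stored salted digest, and the same fixations yield a calibration offset. The 3x3 grid, the dwell and snap thresholds, the PBKDF2 storage format, and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

GRID = 3  # assumed 3x3 grid of dots in normalised screen coordinates
DOTS = [((c + 0.5) / GRID, (r + 0.5) / GRID) for r in range(GRID) for c in range(GRID)]
DWELL = 5           # consecutive samples on one dot that count as a fixation (assumed)
SNAP_RADIUS = 0.12  # gaze further than this from every dot is treated as a saccade


def nearest_dot(x, y):
    """Index of the dot within SNAP_RADIUS of (x, y), or None."""
    best = min(range(len(DOTS)), key=lambda i: (DOTS[i][0] - x) ** 2 + (DOTS[i][1] - y) ** 2)
    dist = ((DOTS[best][0] - x) ** 2 + (DOTS[best][1] - y) ** 2) ** 0.5
    return best if dist <= SNAP_RADIUS else None


def fixations(samples):
    """Collapse raw gaze samples into a list of (dot, mean_x, mean_y) fixations."""
    out, run, current = [], [], None
    for x, y in list(samples) + [(None, None)]:  # sentinel flushes the final run
        dot = nearest_dot(x, y) if x is not None else None
        if dot != current:
            if current is not None and len(run) >= DWELL:
                if not out or out[-1][0] != current:
                    mx = sum(p[0] for p in run) / len(run)
                    my = sum(p[1] for p in run) / len(run)
                    out.append((current, mx, my))
            run, current = [], dot
        if dot is not None:
            run.append((x, y))
    return out


def digest(sequence, salt):
    """Salted, slow digest of the dot sequence so the pattern is not stored in the clear."""
    return hashlib.pbkdf2_hmac("sha256", bytes(sequence), salt, 100_000)


def enroll(samples, min_len=4):
    """First mode: record the pattern and keep only salt plus digest."""
    seq = [f[0] for f in fixations(samples)]
    if len(seq) < min_len:
        raise ValueError("pattern too short")
    salt = os.urandom(16)
    return {"salt": salt, "digest": digest(seq, salt)}


def login(samples, record):
    """Second mode: authenticate, then calibrate from the same fixations."""
    fx = fixations(samples)
    if not fx:
        return False, None
    seq = [f[0] for f in fx]
    if not hmac.compare_digest(digest(seq, record["salt"]), record["digest"]):
        return False, None  # no calibration data is released on a failed match
    # Calibration offset: mean residual between each dot and the reported gaze.
    off_x = sum(DOTS[d][0] - mx for d, mx, _ in fx) / len(fx)
    off_y = sum(DOTS[d][1] - my for d, _, my in fx) / len(fx)
    return True, (off_x, off_y)


def synth(sequence, offset=(0.0, 0.0), per_dot=8):
    """Constructed gaze trace: per_dot jittered samples per dot, shifted by a tracker offset."""
    samples = []
    for d in sequence:
        cx, cy = DOTS[d]
        samples += [(cx - offset[0] + 0.004 * ((i % 3) - 1), cy - offset[1]) for i in range(per_dot)]
        samples.append((-1.0, -1.0))  # off-screen sample standing in for a saccade
    return samples


if __name__ == "__main__":
    record = enroll(synth([0, 4, 8, 5, 2]))
    print(login(synth([0, 4, 8, 5, 2], offset=(0.03, -0.02)), record))
    print(login(synth([0, 4, 8, 2, 5]), record))
```

Snapping to the nearest dot only works while the uncalibrated error stays well below half the dot spacing, which is one reason a sparse grid suits a combined login and calibration step.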

In other examples, the authentication and calibration are performed separately. For example, the system (100) may save calibration information, such as eye physical dimensions, and IPD. Then when a user authenticates via the gaze tracking system (104), the controller (106) calls the calibration information associated with the user to calibrate the gaze tracking system (104) and/or the associated computing device.

In some examples, the system (100) may operate on multiple users simultaneously. For example, a gaze tracking system (104) may be disposed on a television, and each user could simultaneously enter the eye movement authentication pattern, which may be the same for each user or different for each user. As described above, the controller (106) recognizes the eye movement authentication pattern to authenticate the users.

FIG. 2 is a diagram of an enhanced reality headset (208) for authenticating and calibrating via gaze tracking, according to an example of the principles described herein. As described above, the system (FIG. 1, 100) may be formed in an enhanced reality system. Accordingly, the display device (102) may be a head mounted display device that is worn by a user (210) to generate visual, auditory, and other sensory environments, to detect user input, and to manipulate the environments based on the user input. While FIG. 2 depicts a particular configuration of the enhanced reality headset (208), any type of enhanced reality headset (208) may be used in accordance with the principles described herein.

FIG. 2 also depicts dashed boxes representing the controller (106) and the gaze tracking system (104). While FIG. 2 depicts these components disposed on the enhanced reality headset (208), either of these components may be placed on another device. For example, the controller (106) may be found on a different computing device. That is, the enhanced reality headset (208) is communicatively coupled to a host computing device such that execution of computer readable program code by a processor associated with the host computing device causes a view of an enhanced reality environment to be displayed in the enhanced reality headset (208). In some examples, the controller (106) of the system (FIG. 1, 100) may be disposed on this host computing device.

In some examples, the enhanced reality headset (208) implements a stereoscopic head-mounted display that provides separate images for each eye of the user. In some examples, the enhanced reality headset (208) may provide stereo sound to the user. In an example, the enhanced reality headset (208) may include a head motion tracking sensor that includes a gyroscope and/or an accelerometer.

As described above, via the display device (102) and the gaze tracking system (104), a user (210) may be authenticated via tracking movements of the eye during login/authentication and comparing those movements to an eye movement authentication pattern. In some examples, the display device (102) displays an eye movement visual reference (212). Such an eye movement visual reference (212) provides confirmation of the eye position and movement of the eye. In the example depicted in FIG. 2, the eye movement visual reference (212) is a grid of dots, however the eye movement visual reference (212) may take other forms. For example, the eye movement visual reference (212) may be a secret image where the user (210) looks at different parts of an image.

In some examples, the enhanced reality headset (208) may detect when a user takes on/off the enhanced reality headset (208) and the system (FIG. 1, 100) may take appropriate action. For example, when taken off, the system (FIG. 1, 100) may re-trigger the authentication process and end a current session. In this example, the system (FIG. 1, 100) may include an inertial measurement unit or other motion sensing unit to detect when the enhanced reality headset (208) is taken off completely (not just resting on the head). The same sensing unit may be used to determine when the enhanced reality headset (208) is put back on a user head.

The system (FIG. 1, 100) may also identify the user of the enhanced reality headset (208) and may prompt the eye movement authentication pattern associated with that user. That is, as described above, the eye movement authentication pattern may be unique per user. The controller (FIG. 1, 106) may identify the user and may call the eye movement authentication pattern for that user.

In one particular example, this may be done by identifying an iris of a user. In this example, the system (FIG. 1, 100) could generate a textual/visual notification that the user has been identified. For example, the system (FIG. 1, 100) may generate a visual/auditory prompt stating, “Hello John. You are back. Enter your eye movement authentication pattern to log back in.” In other examples, rather than using identification via the eye of a user, a user may enter another form of authentication credentials such as a voice ID or touch ID to indicate who they are.

As described above, the eye movement authentication pattern is user-specific and so may be transferable to other devices. In this example, the eye movement authentication pattern is associated with supporting authentication credentials (such as voice ID, touch ID, or password) such that the eye movement authentication pattern is retrieved on any device where supporting authentication credentials are input. For example, if the user switches to a different enhanced reality headset (208), the user may input their voice ID or touch ID. The system (FIG. 1, 100) may uniquely identify them from a database of users. After this, the system (FIG. 1, 100) logs the device name in the user’s account and creates encrypted information that includes their unique eye movement authentication pattern which allows them to login. In some examples, the system (FIG. 1, 100) associates the eye movement authentication pattern with the new device ID so the next time they use the device, they can provide username via user name voice ID or touch ID.

FIG. 3 is a block diagram of a system for granting access based on authentication via gaze tracking, according to an example of the principles described herein. As described above, the system (FIG. 1, 100) uses an eye movement authentication pattern (316) to provide access to a resource (314). The resource (314) may be data, applications, or other computing resources. As described above, the resource (314) may be local to a computing device. For example, a user may wish to access a database on their local computing device. In another example, the resource (314) may be remote. For example, a user may try to access a website such as a banking website that stores banking information remotely.

As described above, the eye movement authentication pattern (316) may be used to authenticate the user to ensure they have rights to access the resource (314). In some examples, the eye movement authentication pattern (316) may be used in conjunction with supporting authentication credentials (318), for example to provide multi-factor authentication. The supporting authentication credentials (318) may be of a variety of types including a username, voice identifier, fingerprint, or device identifier. In these examples, to access the resource (314), a user is authenticated via both mechanisms. That is, a user provides a username, voice identifier, fingerprint, or device identifier that matches a database of authorized entities and also provides an eye movement that matches the eye movement authentication pattern (316).

Such dual-mode authentication increases the security of the data/applications a user is attempting to access. That is, given that users are looking at a pattern of points, there may be a finite set of distinct patterns for a given grid of points. Accordingly, as the number of users increases, the probability that two users have the same pattern increases. By combining pattern information with local information, i.e., touch ID, voice ID, or device ID, data security is enhanced as it’s less likely that two users of the same device have the exact same pattern. Thus, the present system (FIG. 1, 100) further enhances the security of the resource (314).
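The finite pattern space and the growing collision probability described above can be quantified. This is an added example, not part of the specification; it assumes a 9-dot grid, patterns of 4 to 9 dots with no dot repeated and no adjacency restriction, and users who choose uniformly at random (real users do not, so these figures are optimistic).

```python
import math


def pattern_space(dots, min_len, max_len):
    """Count ordered sequences of distinct dots with length in [min_len, max_len]."""
    return sum(math.perm(dots, k) for k in range(min_len, max_len + 1))


def collision_probability(users, space):
    """Exact birthday probability that at least two of `users` uniform picks coincide."""
    if users > space:
        return 1.0
    # Sum logs of (1 - i/space) to avoid underflow for large populations.
    log_no_collision = sum(math.log1p(-i / space) for i in range(users))
    return -math.expm1(log_no_collision)


def users_for_risk(space, risk):
    """Smallest population whose collision probability reaches `risk`."""
    n = 1
    while collision_probability(n, space) < risk:
        n += 1
    return n


def guess_success(space, attempts):
    """Chance that an attacker with `attempts` distinct guesses hits one uniform pattern."""
    return min(1.0, attempts / space)


if __name__ == "__main__":
    space = pattern_space(9, 4, 9)
    print("distinct patterns:", space)
    print("entropy (bits):", round(math.log2(space), 1))
    # Global namespace: every enrolled user can collide with every other.
    print("users for 50% collision:", users_for_risk(space, 0.5))
    # Scoped by a supporting credential: only users of one device can collide.
    print("collision among 5 users of one device:", collision_probability(5, space))
    print("success with 10 guesses:", guess_success(space, 10))
```

Scoping the comparison to the users of one device, as the supporting credential does, shrinks the population in the birthday bound from the whole user base to a handful of people.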

FIG. 4 is a flowchart of a method (400) for authenticating and calibrating via gaze tracking, according to an example of the principles described herein. In the example depicted in FIG. 4, the system (FIG. 1, 100) operates in different modes. In a first mode, the system (FIG. 1, 100) receives user input to establish the eye movement authentication pattern (FIG. 3, 316) and in a second mode, such as a login or authentication operation, the system (FIG. 1, 100) receives user input and determines whether it matches the eye movement authentication pattern (FIG. 3, 316).

Accordingly, in the first mode, the method (400) includes tracking user eye movements towards a display device (FIG. 1, 102) to define an eye movement authentication pattern (FIG. 3, 316). That is, as described above the gaze tracking system (FIG. 1, 104) can discriminate where on a display device a user’s eyes are directed. Accordingly, the system (FIG. 1, 100) may enter a mode where eye positions and movements are tracked and recorded. That is, the gaze tracking system (FIG. 1, 104) captures eye movements to define the eye movement authentication pattern (FIG. 3, 316). Also, during this first mode, the controller (FIG. 1, 106) establishes the eye movement authentication pattern (FIG. 3, 316). That is, the sequence of eye movements recorded by the gaze tracking system (FIG. 1, 104) are formally defined as the eye movement authentication pattern (FIG. 3, 316) and stored for subsequent authentication of a user.

At another point in time, that is, when a user, be it the same user that established the eye movement authentication pattern (FIG. 3, 316) or another user, attempts access, the system (FIG. 1, 100) calls the eye movement authentication pattern (FIG. 3, 316) to ensure the user attempting to access the resource (FIG. 3, 314) has rights to do so. Accordingly, in a second mode such as login or authentication, the method (400) includes authenticating (block 402) a user of the display device (FIG. 1, 102) based on eye movements of the user matching the eye movement authentication pattern (FIG. 3, 316). That is, a login screen may be presented to a user prior to the user accessing a resource (FIG. 3, 314), whether that resource (FIG. 3, 314) be data, applications, services, and/or computing hardware resources. Via the login screen, the user is prompted to enter a validating eye movement authentication pattern (FIG. 3, 316). If the eye movements of the user match the eye movement authentication pattern (FIG. 3, 316) the user is granted access. By comparison, if the eye movements of the user do not match the eye movement authentication pattern (FIG. 3, 316), access is denied.

Concurrently with capturing eye movements to compare against an eye movement authentication pattern (FIG. 3, 316), the system (FIG. 1, 100) may capture eye movements to calibrate (block 403) the gaze tracking system (FIG. 1, 104), any associated computing device, and applications/program instructions that may be running on the gaze tracking system (FIG. 1, 104) and/or the associated computing device. That is, to ensure accurate tracking of user eye movement and to ensure proper interpretation and responses to eye movement, the computing device of which the gaze tracking system (FIG. 1, 104) is a part and the gaze tracking system (FIG. 1, 104) itself, are calibrated. This may be done as the user’s eyes are tracked during gaze authentication.

Put another way, the gaze tracking system (FIG. 1, 104) and user authentication rely on tracking eye movements. The present system (FIG. 1, 100) and method (400) simultaneously perform these operations. Doing so provides a simpler login process as a user can perform authentication without taking off an enhanced reality headset (FIG. 2, 208) for example and can perform authentication and calibration through a single operation, rather than through distinct and separate operations.

A specific example of the first mode and second mode of operation of the system (FIG. 1, 100) is now provided in which the system (FIG. 1, 100) is incorporated in an enhanced reality headset (FIG. 2, 208). During a first mode, i.e., a first-time registration, a user may log in with a virtual keyboard using their controllers. At this time, he/she can be walked through a one-time set up of enhanced reality authentication. During this set up, a user creates their own personal eye movement authentication pattern (FIG. 3, 316) from a grid that is shown. In some examples, there may be certain criteria for establishing the eye movement authentication pattern (FIG. 3, 316). For example, the system (FIG. 1, 100) may prescribe that dots from particular regions of the display be used in an eye movement authentication pattern (FIG. 3, 316). Doing so may ensure that a generated eye movement authentication pattern (FIG. 3, 316) is able to be used for system calibration.

In addition, the user may also provide information to establish a supporting authentication credential (FIG. 3, 318) such as an audio sample of their name. For example, “John Smith” repeated multiple times to get samples for future detection. In another example with a touchpad, a user may provide a touch identifier by touching the sensor. As yet another example, a device identifier may be retrieved during this set up. In this example, the device identifier is automatically obtained from the enhanced reality headset (FIG. 2, 208).

During the second mode, i.e., during authentication, when the supporting authentication credential (FIG. 3, 318) is a voice identifier, a user may state their name. When the supporting authentication credential (FIG. 3, 318) is a touch identifier, the user may use a touchpad. In either example, following authentication via a supporting authentication credential (FIG. 3, 318), a user may be shown a grid that is the eye-tracker calibration routine. The computer expects the user-defined eye movement authentication pattern.
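The following Python sketch is an added illustration, not part of the original disclosure, of how one set of fixations can serve both the pattern match and the calibration fit, and of why an enrolment rule about display regions matters. The 3x3 grid, the snap radius, the per-axis gain/offset model, the choice to fit calibration only after a match, and all function names are assumptions.

```python
import hmac
import math

# Constructed 3x3 dot grid in normalised display coordinates (assumption).
GRID = {i: (0.2 + 0.3 * (i % 3), 0.2 + 0.3 * (i // 3)) for i in range(9)}
SNAP_RADIUS = 0.12  # assumed: farthest a fixation may land from a dot


def pattern_ok_for_calibration(pattern):
    """Enrolment criterion: the dots must span at least two columns and two
    rows, otherwise the per-axis fit below has no spread to work with."""
    cols = {d % 3 for d in pattern}
    rows = {d // 3 for d in pattern}
    return len(pattern) >= 4 and len(cols) >= 2 and len(rows) >= 2


def snap(fix):
    """Map a raw fixation to the nearest dot id, or None if it is too far."""
    dot = min(GRID, key=lambda d: math.dist(GRID[d], fix))
    return dot if math.dist(GRID[dot], fix) <= SNAP_RADIUS else None


def fit_axis(raw, true):
    """Least-squares gain and offset so that true ~= gain * raw + offset."""
    mr, mt = sum(raw) / len(raw), sum(true) / len(true)
    var = sum((r - mr) ** 2 for r in raw)
    gain = sum((r - mr) * (t - mt) for r, t in zip(raw, true)) / var
    return gain, mt - gain * mr


def login(fixations, enrolled):
    """Return (authenticated, calibration). The calibration is fitted from the
    same fixations, and only once the dot sequence has matched."""
    if not pattern_ok_for_calibration(enrolled):
        raise ValueError("enrolled pattern cannot calibrate both axes")
    seen = [snap(f) for f in fixations]
    entered = bytes(255 if d is None else d for d in seen)
    if not hmac.compare_digest(entered, bytes(enrolled)):
        return False, None
    targets = [GRID[d] for d in enrolled]
    cal_x = fit_axis([f[0] for f in fixations], [t[0] for t in targets])
    cal_y = fit_axis([f[1] for f in fixations], [t[1] for t in targets])
    return True, (cal_x, cal_y)


if __name__ == "__main__":
    enrolled = (0, 2, 4, 6, 8)
    # Constructed fixations from an uncalibrated tracker: x squeezed, y shifted.
    raw = [(0.95 * GRID[d][0] + 0.04, GRID[d][1] + 0.05) for d in enrolled]
    print(login(raw, enrolled))
    print(login(raw[::-1], enrolled))  # same dots, wrong order: rejected
```

The snap radius bounds how much tracker drift the match step tolerates before calibration has run; a pattern confined to a single row or column would be rejected at enrolment because it leaves one axis with no spread to fit.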

For additional security the device ID can be used to decrypt a password and combine it with the username or user’s name voice ID. Naively, to encrypt the password, the hashing function (derived from device ID) may be used with the device ID as a key. By using device ID to generate the hashing function, a narrow latent space is created where passwords exist. By knowing the device ID, the inverse function can be used to derive a smaller set of password patterns that may be linked to a particular device and authentication in that space.

In the event that a user fails authentication, the system (FIG. 1, 100) may fall back to a virtual keyboard with controllers to enter username and password while in VR, or a user may remove the enhanced reality headset (FIG. 2, 208) and login via the desktop experience.

FIGS. 5A-5E are screenshots of authenticating and calibrating via gaze tracking, according to an example of the principles described herein. That is, FIGS. 5A-5E depict operation of the system (FIG. 1, 100) in a second, or login, mode. At a first screen, a user is prompted to enter a supporting authentication credential (FIG. 3, 318). In the example depicted in FIG. 5A, the supporting authentication credential (FIG. 3, 318) is a voice identifier as indicated by the prompt to “Please Say Your Name.” Accordingly, a user may state their name. As depicted in FIG. 5B, following authentication via a second authentication system, an indication is provided to a user that they have provided an authenticated credential.

Responsive to providing an authenticated credential, the system (FIG. 1, 100) initiates authentication via gaze tracking. In this example, the system (FIG. 1, 100) displays an eye movement visual reference as depicted in FIG. 5C. That is, without such a reference it may be difficult for a user to know if their eye registration is accurately tracked. Accordingly, the eye movement visual reference provides visual cues or references that a user may follow when attempting to authenticate via gaze tracking. A similar visual reference may be provided during the first mode when the user is defining the eye movement authentication pattern (FIG. 3, 316). Note that FIGS. 5C and 5D depict one example of an eye movement visual reference, but other examples such as images, or a sequence of images in a pattern may also be implemented.

As depicted in FIG. 5D, the user then moves their eyes in a predetermined pattern. As depicted in FIG. 5D, visual indication may be provided of the eye movement. That is, those grid points that are recorded as being the focus of a user’s eyes are encircled about by a highlighting indicator. Thus, a user may recognize at which point on the screen is registered as being a focus of their gaze. Note that in some examples, this visual indication of a user’s gaze, i.e., the highlighting indicator, may be prevented from being displayed altogether or may be prevented from being displayed to a mirroring device.

Then as depicted in FIG. 5E, if the user eye movement matches the eye movement authentication pattern (FIG. 3, 316) a screen (520) is presented that indicates the user is authenticated to access the resource (FIG. 3, 314), whatever that resource (FIG. 3, 314) may be.

Note that while FIGS. 5A-5E depict a particular order between authentication via the supporting authentication credentials (FIG. 3, 318) and the eye movement authentication pattern (FIG. 3, 316), any order may be implemented. That is, authenticating the user may include authenticating the user based on user input matching supporting authentication credentials (FIG. 3, 318) and in one example authenticating the user of the display device (FIG. 1, 102) based on eye movements of the user matching the eye movement authentication pattern (FIG. 3, 316) is responsive to the user input matching the supporting authentication credentials (FIG. 3, 318). However, in another example, authenticating the user based on the user input matching supporting authentication credentials (FIG. 3, 318) is responsive to eye movements of the user matching the eye movement authentication pattern (FIG. 3, 316).

FIG. 6 is a block diagram of a system (100) for authenticating a user and calibrating a computing system using gaze tracking, according to an example of the principles described herein. The system depicted in FIG. 6 includes a display device (102), gaze tracking system (104), and controller (106) as depicted in FIG. 1. The system (100) includes additional components to authenticate a user. Specifically, the system (100) may include a second authentication system (622). That is, as described above, the eye movement authentication pattern (FIG. 3, 316) may be used in combination with other authentication credentials (FIG. 3, 318) in a multi-factor authentication system to further increase the security of data, applications, and/or computing resources. During the first mode, that is when a user is registering, the second authentication system (622) receives user input to establish supporting authentication credentials (FIG. 3, 318) and during login, the controller (106) further authenticates the user based on input matching the supporting authentication credentials (FIG. 3, 318). In some examples, the second authentication system (622) may present an interface wherein a user can setup and be authenticated via a username.

In another example, the second authentication system (622) is a biometric authentication system. That is, the second authentication system (622) may authenticate via physical distinguishing attributes of a user. In one example, a biometric second authentication system (622) uses a user’s voice print to authenticate the user. In this example, the second authentication system (622) includes 1) a microphone to capture audio recorded by the user and 2) the controller (106) which matches an input audio signal to the user’s voice print to authenticate the user.

In another example, the biometric second authentication system (622) uses a user’s unique fingerprint to authenticate the user. In this example, the second authentication system (622) includes 1) a touchpad to capture the fingerprint of a user and 2) the controller (106) which matches a received fingerprint to a record of authorized fingerprints. While specific reference is made to particular biometric authentication systems, other biometric information may be used to authenticate the user alongside the gaze tracking system (104).

In another example, the second authentication system (622) is a device authentication system. That is, the device through which access to the resource (FIG. 3, 314) is granted may be identified by a unique identifier. In this example, the second authentication system (622) includes a database of device identifiers that are authorized to provide access to the resource (FIG. 3, 314). In this example, the controller (106) may retrieve the device identifier and compare it against the database of authorized devices to determine, along with the eye movement authentication pattern (FIG. 3, 316), whether the user of the device is allowed access to the resource (FIG. 3, 314). Thus, the system (100) provides multiple authentication operations to increase the security of valuable resources (FIG. 3, 314).

FIG. 7 is a flowchart of a method (700) for authenticating and calibrating via gaze tracking, according to an example of the principles described herein. According to the method (700), user eye movements towards a display device (FIG. 1, 102) are tracked (block 701) to define an eye movement authentication pattern (FIG. 3, 316). This may be performed as described above in connection with FIG. 4.

To further increase the security of this operation, visual indication of eye movements may be prevented (block 702) from being displayed on the display device (FIG. 1, 102) or another display device. For example, it may be the case that the display device (FIG. 1, 102) is visible to other users. As a particular example, a second user may be standing behind a first user while the first user is creating or authenticating via the eye movement authentication pattern (FIG. 3, 316). Were the eye movements visually indicated on the display device (FIG. 1, 102), this second user may gain access to the eye movement authentication pattern (FIG. 3, 316) and could gain unauthorized access via entry of the eye movement authentication pattern (FIG. 3, 316). As another particular example, an enhanced reality headset (FIG. 2, 218) may be coupled to a mirrored display device, such as a computing desktop. Similarly, if a second user is in front of the mirrored display device while the first user is establishing or authenticating via the eye movement authentication pattern (FIG. 3, 316), the second user may get undesired access to the resource (FIG. 3, 314). Accordingly, by preventing (block 702) the display device (FIG. 1, 102) and/or another display device from visually indicating the eye movement, greater security of the resource (FIG. 3, 316) is provided.

However, in some examples, the method (700) includes providing (block 703) an indication, either auditory or visual, of entry of the eye movement, all without visually revealing the eye movement. That is, while the actual movements are not indicated, the fact that an eye movement was registered may be indicated. As a particular example, an audible beep may indicate that a point is chosen. As another example, a counter may be established which updates each time a new eye movement is registered. Doing so allows the user to receive verification that an eye movement towards completing the eye movement authentication pattern (FIG. 3, 316) was received without revealing the eye movement authentication pattern (FIG. 3, 316) on the display device (FIG. 1, 102) or another display device.

The method (700) also includes simultaneously authenticating (block 704) the user based on eye movements matching the eye movement authentication pattern (FIG. 3, 316) and calibrating (block 705) the gaze tracking system (FIG. 1, 104) and associated computing device based on the same eye movements used to enter the eye movement authentication pattern (FIG. 3, 316). As used in the present specification and in the appended claims, the term “simultaneously” may indicate an overlap in time. These operations may be performed as described above in connection with FIG. 4.

FIG. 8 depicts a non-transitory machine-readable storage medium (824) for authenticating and calibrating via gaze tracking, according to an example of the principles described herein. To achieve its desired functionality, a computing system includes various hardware components. Specifically, a computing system includes a processor and a machine-readable storage medium (824). The machine-readable storage medium (824) is communicatively coupled to the processor. The machine-readable storage medium (824) includes a number of instructions (826, 828, 830, 832, 834) for performing a designated function. The machine-readable storage medium (824) causes the processor to execute the designated function of the instructions (826, 828, 830, 832, 834). The machine-readable storage medium (824) can store data, programs, instructions, or any other machine-readable data that can be utilized to operate the system (FIG. 1, 100). Machine-readable storage medium (824) can store computer readable instructions that the processor of the controller (FIG. 1, 106) can process, or execute. The machine-readable storage medium (824) can be an electronic, magnetic, optical, or other physical storage device that contains or stores executable instructions. Machine-readable storage medium (824) may be, for example, Random Access Memory (RAM), an Electrically Erasable Programmable Read-Only Memory (EEPROM), a storage device, an optical disc, etc. The machine-readable storage medium (824) may be a non-transitory machine-readable storage medium (824).

Referring to FIG. 8, define instructions (826), when executed by the processor, cause the processor to, in a first mode, track user eye movements towards a display device (FIG. 1, 102) to define an eye movement authentication pattern (FIG. 3, 316). Receive instructions (828), when executed by the processor, cause the processor to, in the first mode, receive user input to define supporting authentication credentials (FIG. 3, 318) from a second authentication system (FIG. 6, 622).

Match eye movement instructions (830), when executed by the processor, cause the processor to, during login, authenticate a user by matching user eye movements to the eye movement authentication pattern (FIG. 3, 316). Match authentication credentials instructions (832), when executed by the processor, cause the processor to, during login, authenticate a user by matching user input to the supporting authentication credentials (FIG. 3, 318).

Calibrate instructions (834), when executed by the processor, cause the processor to, during authentication, calibrate the display device (FIG. 1, 102) and associated computing device based on eye movements of the user during login.

In summary, using such a system may 1) authenticate a user to increase data security; 2) authenticate during calibration; 3) facilitate authentication without removing an enhanced reality headset; and 4) provide hands-free user authentication. However, it is contemplated that the devices disclosed herein may address other matters and deficiencies in a number of technical areas.

1. A system, comprising: a display device; a gaze tracking system to capture eye movements of a user looking at the display device; and a controller to: authenticate the user based on eye movements of the user matching an eye movement authentication pattern; and calibrate a computing device based on the eye movements of the user.
2. The system of claim 1, wherein, in a first mode: the gaze tracking system captures eye movements to define the eye movement authentication pattern; and the controller establishes the eye movement authentication pattern.
3. The system of claim 2, further comprising a second authentication system, wherein: during the first mode, the second authentication system is to receive user input to establish supporting authentication credentials; and during login, the controller is to further authenticate the user based on input matching the supporting authentication credentials.
4. The system of claim 3, wherein the second authentication system is a biometric authentication system.
5. The system of claim 3, wherein the second authentication system is a device authentication system.
6. The system of claim 1, wherein the display device is a head mounted display device.
7. A method, comprising: in a first mode, tracking user eye movements towards a display device to define an eye movement authentication pattern; in a second mode: authenticating a user of the display device based on eye movements of the user matching the eye movement authentication pattern; and calibrating a computing device based on the eye movements of the user.
8. The method of claim 7, further comprising displaying an eye movement visual reference.
9. The method of claim 7, wherein authenticating the user further comprises authenticating the user based on user input matching supporting authentication credentials.
10. The method of claim 9, wherein authenticating the user of the display device based on eye movements of the user matching the eye movement authentication pattern is responsive to the user input matching the supporting authentication credentials.
11. The method of claim 9, wherein authenticating the user based on the user input matching supporting authentication credentials is responsive to eye movements of the user matching the eye movement authentication pattern.
12. The method of claim 7, further comprising preventing visual indication of the eye movement authentication pattern to a mirrored display device.
13. The method of claim 12, further comprising providing at least one of an auditory and visual indication of entry of the eye movement authentication pattern without visually revealing the eye movement authentication pattern.
14. A non-transitory machine-readable storage medium encoded with instructions executable by a processor, the machine-readable storage medium comprising instructions to: in a first mode: track user eye movements towards a display device to define an eye movement authentication pattern; and receive user input to define supporting authentication credentials from a second authentication system; during login, authenticate a user by: matching user eye movements to the eye movement authentication pattern; and matching user input to the supporting authentication credentials; and during authentication, calibrate a computing device based on the eye movements of the user during login.
15. The non-transitory machine-readable storage medium of claim 14, further comprising instructions to associate the eye movement authentication pattern to the supporting authentication credentials such that the eye movement authentication pattern is retrieved on any device where supporting authentication credentials are input.